[gnutls-help] gnutls 3.4.13

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jun 6 19:41:51 CEST 2016


Hello, 
 I've just released gnutls 3.4.13. This is a bug fix release of the
current stable branch, which addresses a vulnerability for setuid
programs introduced in gnutls 3.4.12 -see
http://www.gnutls.org/security.html#GNUTLS-SA-2016-1 

* Version 3.4.13 (released 2016-06-06)

** libgnutls: Consider the SSLKEYLOGFILE environment to be compatible
with
   NSS instead of using a separate variable; in addition append any
keys to
   the file instead of overwriting it.

** libgnutls: use secure_getenv() where available to obtain environment
   variables. Addresses GNUTLS-SA-2016-1.

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.13.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.13.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos




More information about the Gnutls-help mailing list